[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)

Tomas Olsson tol@stacken.kth.se
15 Jul 2004 14:10:54 +0200


David Howells <dhowells@redhat.com> writes:
>  (2) Add a flag to either a keyring or the link to it from the session
>  keyring such that they can be marked for linking through into a SUID
>  binary's new session keyring.
>
As long as this inheritance works for _anything_ (except newpag()) that a
process might do, this might work for us. From earlier in this thread:

  > I'd say that my id(s) for the distributed system(s) don't necessarily
  > have anything to do with my local uid, so changing uid shouldn't affect
  > my creds for the distributed system(s). Just like doing kinit shouldn't
  > affect my local uid. I can say that being forced to reauthenticate (or
  > similar) to be able to run my scripts in AFS every time I run sudo
  > would be annoying.
  >
  lpr, sendmail, or other apps that are setuid for local storage but
  need access to your credentials to talk to a network server

Is this a reasonable request?

I would probably make it a key flag (rings behave like keys too, right?).

>  (3) Instead of searching the UID and GID rings directly, when a new session
>      ring is created the appropriate UID and GID rings are linked into it
>      automatically. They can be later unlinked if that is desirable.
>
So who is allowed to unlink it? Is it still possible to override individual
uid ring keys in the session ring?

>  (5) On SUID exec, I'm tempted to link the old session keyring to the
>      process's new session keyring, marking it for unlinking on further exec.
>
Why? Scenario?

/Tomas